Q: How to VNC Macs Using AD Accounts With Remote Management Enabled
Hi
I wanted to post this in case somebody else is having this same issue we had.
Issue: Because we're using Apple Remote Desktop, Mac has Screen Sharing disabled because Remote Management is enabled. Remote Management doesn't allow administration by non-local (e.g. Active Directory accounts with no mobile option selected) accounts. So if you're logged onto a Mac using an AD account you won't be able to VNC to another Mac that has Remote Management enabled unless you disable Remote Management and re-enable Screen Sharing, but if you enable Screen Sharing, Remote Management is disabled and you won't be able to manage the Mac with ARD.
Resolution: The ARD documentation (http://www.apple.com/remotedesktop/pdf/ARD3_AdminGuide.pdf) describes built-in administration groups: ard_admin, ard_reports, ard_manage and ard_interact, but isn't too clear about how to use them in an Active Directory environment. This is what you need to do:
1. In your Active Directory, create a group called ard_interact (the group must be called this exactly), and add the users you'd like to be able to VNC.
2. On all Macs that you want to be able to VNC to, run:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setdirlogins -dirlogins yes
3. Once this is done, you can VNC Macs whilst logged in with your AD account by going to Finder, selecting Go > Connect to Server ... entering vnc://targetmac.yourdomain.com ** note you must put the fully qualified name in ** and then clicking Connect.
Hope this helps someone.
Reference: https://jamfnation.jamfsoftware.com/discussion.html?id=4859
Apple Remote Desktop, OS X El Capitan (10.11.6)
Posted on Jul 19, 2016 1:59 PM
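A post-change check for the three steps above, added here as an example and not part of the original post: it confirms on the target Mac that directory logins are on, that a given AD user resolves as a member of ard_interact, and that the name to connect to is fully qualified. The script name check_ard.sh, the plist key DirectoryGroupLoginsEnabled as the place the kickstart option is stored, and the reliance on dseditgroup's exit status are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the kickstart option
# is stored as DirectoryGroupLoginsEnabled in the plist below, and dseditgroup
# exits 0 when the user is a member of the group.
ARD_PLIST=/Library/Preferences/com.apple.RemoteManagement
ARD_GROUP=ard_interact   # group name from step 1

# Step 3 needs a fully qualified name: two or more dot-separated labels of
# letters, digits and hyphens, with no empty label or leading/trailing hyphen.
is_fqdn() {
    case "$1" in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when "-setdirlogins -dirlogins yes" (step 2) has taken effect here.
dirlogins_enabled() {
    value=$(defaults read "$ARD_PLIST" DirectoryGroupLoginsEnabled 2>/dev/null) || return 1
    [ "$value" = "1" ]
}

# True when the directory resolves the user as a member of ard_interact.
user_in_ard_group() {
    dseditgroup -o checkmember -m "$1" "$ARD_GROUP" >/dev/null 2>&1
}

# Prints one line per check; the return status is the number of failed checks.
verify_ard_dirlogins() {
    failed=0
    if dirlogins_enabled; then echo "ok: directory logins enabled"
    else echo "FAIL: directory logins off, rerun step 2"; failed=$((failed + 1)); fi
    if user_in_ard_group "$1"; then echo "ok: $1 is in $ARD_GROUP"
    else echo "FAIL: $1 is not in $ARD_GROUP"; failed=$((failed + 1)); fi
    if is_fqdn "$2"; then echo "ok: connect with vnc://$2"
    else echo "FAIL: '$2' is not fully qualified"; failed=$((failed + 1)); fi
    return "$failed"
}

# Usage on the target Mac: sh check_ard.sh <ad-user> <target-fqdn>
if [ $# -ge 2 ]; then verify_ard_dirlogins "$1" "$2"; fi
```

Because membership of ard_interact now grants remote screen control, the same membership check is worth running for accounts that should not have that access.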